CN110083610A

CN110083610A - Data processing method, device, system, trust computing device, equipment and medium

Info

Publication number: CN110083610A
Application number: CN201910357686.2A
Authority: CN
Inventors: 肖伟
Original assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Current assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Priority date: 2019-04-29
Filing date: 2019-04-29
Publication date: 2019-08-02
Anticipated expiration: 2039-04-29
Also published as: CN110083610B

Abstract

The embodiment of the invention discloses a kind of data processing method, device, system, trust computing device, equipment and media.Wherein, this method is executed by trust computing device, and the trust computing device is based on hardware realization trusted computation environment, this method comprises: receiving the data analysis request that data user initiates；According to the data analysis request, from one or more data centers, by least a reading data needed for analysis to the trusted storage space of the trust computing device；The data of reading are analyzed and processed based on the parser run in the trust computing device according to the data analysis request, to generate processing result, are stored in the trusted storage space；The processing result is fed back into the data user.The technical solution provided through the embodiment of the present invention may be implemented data aggregate analysis processing, and can ensure the credibility and safety of Data Analysis Services process.

Description

Data processing method, device, system, trust computing device, equipment and medium

Technical field

The present embodiments relate to data processing technique more particularly to a kind of data processing methods, device, system, credible Computing device, equipment and medium.

Background technique

In big data era, various initial data, secondary treatment data are all the intangible assets for having economic value.All kinds of enterprises Between industry user, oneself some data can either be provided, it is also desirable to which other enterprise customers share some data, therefore number occur According to center.The data of oneself are provided to data center by various users, for other users payment or free trial.

In data center, data are all centralized processings.Sharing can not only be facilitated, additionally it is possible to carry out based on more parts of data Conjoint Analysis processing, this greatly improves the ability and efficiency of data processing, also provides the side of richer data processing Formula.

But there is also certain defects for the processing mode of data center: all data to be handled must quilt Data center is stored, data center could be handled based on respective algorithms, output processing result.However, in big data Generation, data are all the wealth of enterprise's preciousness, and enterprise is not desired to that the data center not controlled by itself data can not be put into, has gone At data analysis and process.However, there is the demand that data are carried out to Conjoint Analysis between enterprise again.The prior art needs to provide It is a kind of to solve above-mentioned contradictory data processing scheme.

Summary of the invention

The embodiment of the present invention provides a kind of data processing method, device, system, trust computing device, equipment and medium, with It realizes data aggregate analysis processing, and ensures the credibility and safety of Data Analysis Services process.

In a first aspect, the embodiment of the invention provides a kind of data processing method of decentralization, by trust computing device It executing, the trust computing device is based on hardware realization trusted computation environment, this method comprises:

Receive the data analysis request that data user initiates；

According to the data analysis request, from one or more data centers, by least a data needed for analysis It reads to the trusted storage space of the trust computing device；

According to the data analysis request, based on the parser run in the trust computing device, to the number of reading According to being analyzed and processed, to generate processing result, it is stored in the trusted storage space；

The processing result is fed back into the data user.

Second aspect, the embodiment of the invention also provides a kind of data processing methods of decentralization, are held by data center Row, the privately owned memory space of the data center for storing data, this method comprises:

Receive the data read request of trust computing device；

According to the data read request, data are transferred to the trust computing device from the privately owned memory space Trusted storage space；Wherein, the data are used to carry out at analysis for the parser run in the trust computing device Reason, to generate processing result, is stored in the trusted storage space, and feed back to data user.

The third aspect, the embodiment of the invention also provides a kind of data processing equipments of decentralization, are configured at credible meter It calculates in device, the trust computing device is based on hardware realization trusted computation environment, which includes:

Analysis request receiving module, the data analysis request that user initiates for receiving data；

Data read module is used for according to the data analysis request, from one or more data centers, by analyzing At least a reading data needed is to the trusted storage space of the trust computing device；

Data processing module, for being divided based on what is run in the trust computing device according to the data analysis request Algorithm is analysed, the data of reading are analyzed and processed, to generate processing result, are stored in the trusted storage space；

Processing result feedback module, for the processing result to be fed back to the data user.

Fourth aspect, the embodiment of the invention also provides a kind of data processing equipments of decentralization, are configured in data In the heart, for storing data, which includes: the privately owned memory space of the data center

Read requests receiving module, for receiving the data read request of trust computing device；

Data transmission module, for according to the data read request, data to be transmitted from the privately owned memory space To the trusted storage space of the trust computing device；Wherein, the data are used to supply to run in the trust computing device Parser is analyzed and processed, and to generate processing result, is stored in the trusted storage space, and feeds back to data use Side.

5th aspect, the embodiment of the invention also provides a kind of trust computing devices, comprising:

One or more processors；

One or more memories, as trusted storage space, for storing one or more programs, wherein the place Device and the memory is managed to realize based on reliable computing technology；

When one or more of programs are executed by one or more of processors, so that one or more of processing Device realizes the data processing method of decentralization described in first aspect.

6th aspect, the embodiment of the invention also provides a kind of equipment, comprising:

One or more processors；

Memory, for storing one or more programs；

When one or more of programs are executed by one or more of processors, so that one or more of processing Device realizes the data processing method of decentralization described in second aspect.

7th aspect, the embodiment of the invention also provides a kind of data processing system of decentralization, which includes:

Multiple data centers, the privately owned memory space of each data center is for storing data；

One or more trust computing devices, the trust computing device is using trust computing dress described in the 5th aspect It sets.

Eighth aspect, the embodiment of the invention also provides a kind of computer readable storage mediums, are stored thereon with computer Program realizes the data processing method of decentralization described in first aspect, or realizes the when the program is executed by processor The data processing method of decentralization described in two aspects.

The data processing method of decentralization provided in an embodiment of the present invention, device, system, trust computing device, equipment And medium can be from one or more data centers by the data analysis request initiated according to the data user received By at least a reading data needed for analysis to the trusted storage space of trust computing device；Later, it is analyzed according to the data Request carries out the data read from one or more data centers based on the parser run in trust computing device Analysis processing, and then processing result is generated, it is stored in trusted storage space and feeds back to data user.This programme passes through benefit With trust computing device, it can guarantee that the data in each data center will not be stored in the insincere memory space of other data centers In；It can also be achieved data aggregate analysis processing simultaneously, and ensure the credibility and safety of Data Analysis Services process.

Detailed description of the invention

Fig. 1 is a kind of data processing system architecture diagram for decentralization that the embodiment of the present invention is applicable in；

Fig. 2 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention one；

Fig. 3 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention two；

Fig. 4 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention three；

Fig. 5 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention four；

Fig. 6 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention five；

Fig. 7 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention six；

Fig. 8 is a kind of structural schematic diagram of the data processing equipment of the decentralization provided in the embodiment of the present invention seven；

Fig. 9 is a kind of structural schematic diagram of the data processing equipment of the decentralization provided in the embodiment of the present invention eight；

Figure 10 is a kind of structural schematic diagram of the trust computing device provided in the embodiment of the present invention nine；

Figure 11 is a kind of structural schematic diagram of the equipment provided in the embodiment of the present invention ten；

Figure 12 is a kind of data processing system structural schematic diagram of the decentralization provided in the embodiment of the present invention 11.

Specific embodiment

The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched The specific embodiment stated is used only for explaining the present invention rather than limiting the invention.It also should be noted that in order to just Only the parts related to the present invention are shown in description, attached drawing rather than entire infrastructure.

Before introducing various embodiments of the present invention, first system architecture involved in the embodiment of the present invention is illustrated.Such as Shown in Fig. 1, the data processing system framework 100 of the decentralization of the present embodiment may include: multiple data centers 110, one Or multiple trust computing devices 120.

Wherein, each data center 110 belongs to the main body of a publication data, such as some enterprise, corresponding, data Center can be the calculating equipment or cluster device that the enterprise dominant is possessed, and the data for being issued the enterprise dominant are deposited Storage is controlled in privately owned memory space, and by the management of the enterprise dominant, and then can guarantee data in controlled range.Further , data center 110 is believable for owned enterprise's main body, but is incredible for other main bodys.

Trust computing be calculate and communication system etc. in be widely used based on credible under hardware security module support Platform is calculated, to improve the safety of system entirety；Trust computing device 120 can be the equipment configured with credible device, such as band The calculating equipment of the processor (being suitable for Internet environment) of SGX (Software Guard Extensions), or have The mobile terminal etc. of TEE (Trusted Execution Environment).The features such as big based on Data Analysis Data amount, this In embodiment, trust computing device 120 is preferably the calculating equipment configured with credible device.Further, trust computing device 120 can be based on a kind of trusted computation environment of hardware realization, realize specifically by hardware technology and guarantee memory space and calculating The believable environment of process, trusted computation environment can protect operate in code therein and data etc. will not be by any external software It distorts and steals.

Illustratively, trust computing device 120 can be one, and the data that can read all data centers 110 are gone forward side by side Row Conjoint Analysis processing；It can also be multiple, it can be based on existing parallel processing manner collaboration processing data, to improve data Analyze the efficiency etc. of processing.In the present embodiment, using trust computing device, it can guarantee that the data in each data center will not deposit Enter in the insincere memory space of other data centers；Simultaneously in the present embodiment, one or more trusted computation environments are equivalent to Virtual combination Modeling Platform based on multiple data centers is, it can be achieved that data aggregate analysis is handled, and is ensured at data analysis The credibility and safety of reason process.In addition, trust computing device can be the calculating independently of data center in the present embodiment Equipment can also be the local space being integrated in inside data center, guarantee credibility by hardware technology.

Optionally, the data processing system framework of the decentralization of the present embodiment can also include block chain network 130, use In recording the data fingerprint and relevant information of each link, for example, can be used for recording the data fingerprint of the issued data of data center With relevant data specifying-information, it is convenient for data center and the inquiry of trust computing device and verifying etc..In addition, also based on block chain It is capable of the entire process of monitoring data Conjoint Analysis processing, and then guarantees the orderly progress of entire process for using.

Optionally, the data processing system framework of the decentralization of the present embodiment can also include that (Fig. 1 is not by data user It shows).Wherein, data user refers to the main body for needing to be analyzed and processed using data, such as some enterprise etc..It is exemplary , data user can be the enterprise of some data center, and corresponding data center can be the data for constituting decentralization One in processing system framework, and then data user can be participated in the system based on the data center belonging to it, be realized Data analyzes demand；In addition, data user may not be the affiliated main body of data center, it can not be composition and go to center Any one of the data processing system framework of change data center, data user can be advised based on the participation of the default Then, it participates in the system, accesses, and then realize that data analyzes demand.

Embodiment one

Fig. 2 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention one, this implementation Example is applicable to the case where handling data, be particularly suitable in the data system framework based on decentralization one or The scene that interaction handles data between multiple trust computing devices, multiple data centers, data user etc., to solve The existing contradictory data processing method based on data center.The technical solution of the embodiment of the present invention is held by trust computing device Row, wherein trust computing device is based on hardware realization trusted computation environment.This method can be by the data processing equipment of decentralization It executes, which can be configured in the calculating equipment of trust computing device, realized in a manner of hardware and/or software. Referring to fig. 2, this method specifically includes:

S210 receives the data analysis request that data user initiates.

In the present embodiment, data analysis request can be data user when with data analysis requirements, to credible meter Calculate the request that device is initiated.It is specifically as follows data user when with data analysis requirements, passes through the data belonging to it Center, based on the communication mechanism of setting to request transmitted by trust computing device；There can also be number for data user When according to analysis demand, the request initiated by block chain network to trust computing device, for requesting block chain network should Data analysis request is stored in block chain, and the data analysis request is sent to trust computing device；It can also be data For user when with data analysis requirements, the communication mechanism based on setting is directly to request transmitted by trust computing device Deng.

In the present embodiment, it is empty that the data that each data center can issue its affiliated main body are stored in local privately owned storage Between in, while can based on the data fingerprint method of determination of setting, determine publication data data fingerprint；Then can according to really The storage location of fixed data fingerprint and relevant data specifying-information such as data, storage time, Data Identification, publisher's mark Knowledge and outline information introduction etc. generate data publication transactions requests, and are sent to block chain network, to request block chain network By data fingerprint and relevant data specifying-information associated storage.Wherein, Data Identification is one and plays the role of unique identification Identifier, if data in the privately owned memory space of data center are stored based on key-value pair, Data Identification be can be Key mark；Publisher's mark can be the uniqueness identifier for proving data publisher's identity, such as can be publisher ID, corresponding if publisher is enterprise, publisher's mark can be enterprise ID etc.；Outline information introduction is for briefly introducing number According to purposes (that is data can be used for that does), the field that can be applied etc..

Data user can be inquired from block chain when with data analysis requirements by interacting with block chain network The data specifying-information of each data center publication, to know that each data center can provide depositing for which data and data Storage space is set, and then can be according to the actual analysis demand etc. of itself, data needed for determining analysis；Meanwhile data user can By being interacted with trust computing device, to know parser that trust computing device is capable of providing；It then can be according to itself Actual analysis demand, analyze the parser that required data and trust computing device are capable of providing, determine analysis mould Type；And the data analysis request including analysis model is generated, and initiate to trust computing device.And then trust computing device can connect The data analysis request that data user initiates is received, includes analysis model in data analysis request optionally.

S220, according to data analysis request, from one or more data centers, by least a data needed for analysis It reads to the trusted storage space of trust computing device.

In the present embodiment, the trusted storage space of trust computing device refers to that trust computing device is preset, can use In storage from storage medium required for the data that each data center reads, can be any large capacity can be by each data The storage equipment that center is trusted such as can be memory storage space, caching etc..There is the access rate etc. being exceedingly fast due to caching Characteristic, therefore convenient for quickly analyzing data, the trusted storage space of trust computing device is preferably slow in the present embodiment It deposits.

It should be noted that if some trust computing device is located at the calculating equipment or cluster device of a data center In, since the data that the trust computing device is read may be other data centers, leaking data in order to prevent, usually Trust computing device is not allowed the data in caching to be written in the privately owned memory space such as disk of the data center where it.But It is that under some special screnes, such as security classification requires lower data, can be written into.

In the present embodiment, the division of data can be carried out according to data center, for example, can will read from data center Data are known as a data；For a data user, may need simultaneously data center provide different type/ The data of purposes further can carry out the division of data according to two dimensions of data center and data type/purposes, for example, Same type/purposes the data read from a data center can be known as to a data.

Specifically, trust computing device receive data user initiation data analysis request after, can basis At least a data and its storage location etc. specified by analysis model in data analysis request, from one where storage location Or it is read data in multiple data centers in trusted storage space.

S230, according to data analysis request, based on the parser run in trust computing device, to the data of reading into Row analysis processing, to generate processing result, is stored in trusted storage space.

In the present embodiment, parser refers in system architecture creation or in operational process, by the most of participation Negotiate to approve under the approval of number/all data centers such as line, the data analysis algorithm that determining trust computing device can be supported； Convenient for subsequent use, the analysis code for the parser that approved by most of/all data centers participated in can be written can Believe computing device.Illustratively, in the present embodiment, the data processing method of decentralization can also include: to receive by multiple The parser of data center's confirmation, is saved in the trusted storage space of trust computing device.It is specifically as follows, multiple data Center is held consultation common recognition, and parser is sent to trust computing device, and then trust computing by one of data center Device can directly receive the parser of data center transmission confirmed by multiple data centers, and be saved in credible meter In the trusted storage space for calculating device, later, each data center for participating in negotiating determination can be to write-in trust computing device The analysis code of parser is checked, and then reduces the probability etc. that parser is tampered.

Further, in order to guarantee that the fair and just of processing can not be distorted and be analyzed to parser, in decentralization In the case that data processing system framework includes block chain network, data center can be by the analysis by the confirmation of multiple data centers Algorithm is added on chain in store transaction request, and store transaction request on the chain is sent to block chain network, to request area The parser is written in block chain block chain network.Illustratively, the parser by the confirmation of multiple data centers is received, Be saved in the trusted storage space of trust computing device may include: that multiple data center's confirmations are obtained from block chain network Parser, be saved in the trusted storage space of trust computing device.It is specifically as follows, trust computing device can be from area The parser of multiple data center's confirmations is obtained in block chain network, and acquired parser is saved to trust computing and is filled In the trusted storage space set.

Specifically, trust computing device can according to the parser specified by analysis model in data analysis request, from The parser is called in the trusted storage space of trust computing device；Then using the data of reading as the ginseng of the parser Number, runs the parser based on trusted computation environment constructed by trust computing device, to generate processing result, and will be at this Result is managed in trusted storage space.

In order to guarantee the safety of data, the analysis according to specified by analysis model in data analysis request of trust computing device Algorithm can first verify the analysis of this calling after calling the parser in the trusted storage space of trust computing device Whether algorithm operates in trusted context, in the case where being verified, using the data of reading as the parameter of the parser, The parser is run based on trusted computation environment constructed by trust computing device, to generate processing result, and by the processing As a result in trusted storage space.

Processing result is fed back to data user by S240.

Specifically, trust computing device is calculated according to data analysis request based on the analysis run in trust computing device Method is analyzed and processed the data of reading, and after generating processing result, processing result can be fed back to data user.

Further, in order to guarantee the safety of data transmission, trust computing device can preferentially use preset encryption Strategy, which encrypts processing result, then to be fed back.It illustratively, can be with before processing result being fed back to data user It include: to encrypt processing result using the public key of data user.

Specifically, trust computing device is calculated according to data analysis request based on the analysis run in trust computing device Method is analyzed and processed the data of reading, can be from local or interact and obtain with data user after generating processing result Access then encrypts processing result using the public key of data user according to the public key of user, and by the processing of encryption As a result data user is fed back to, so that data user is decrypted using the processing result of the private key pair encryption of itself, into And obtain processing result.

In the present embodiment, trust computing device can also be encrypted processing result using other Encryption Algorithm.Example Property, it can also include: based on preset Encryption Algorithm, by processing result before processing result is fed back to data user It is encrypted using the public key of data user.Specifically, can be using the public key of data user as the input of Encryption Algorithm Parameter then encrypts processing result using the Encryption Algorithm with input parameter, the processing result encrypted.Data After user gets the processing result of encryption, using its own private key as the input parameter of Encryption Algorithm, band is then used There is the Encryption Algorithm of input parameter that processing result is decrypted, and then obtains processing result.

Technical solution provided in an embodiment of the present invention is asked by the data analysis initiated according to the data user received It asks, can deposit at least a reading data to the credible of trust computing device needed for analysis from one or more data centers Store up space；Later, according to the data analysis request, based on the parser run in trust computing device, to from one or more The data read in a data center are analyzed and processed, and then generate processing result, are stored in trusted storage space and are fed back Give data user.This programme can guarantee that the data in each data center will not be stored in it by utilizing trust computing device In the insincere memory space of his data center；It can also be achieved data aggregate analysis processing simultaneously, and ensure at data analysis The credibility and safety of reason process.

Embodiment two

Fig. 3 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention two, this implementation Example on the basis of the above embodiments, in the case where the data processing system framework of decentralization includes block chain network, into The optimization of one step.Referring to Fig. 3, this method is specifically included:

S310 receives the data analysis request that data user initiates.

S320, according to data analysis request, from one or more data centers, by least a data needed for analysis It reads to the trusted storage space of trust computing device.

S330 verifies the data of reading based on the data fingerprint of the every part of data stored in block chain network.

In the present embodiment, data fingerprint is a kind of anti-fake signature scheme, has uniqueness effect；For every part of data Speech, can carry out the division of different unit data granularities to it, and then every part of data can correspond to one or more according to actual demand Data fingerprint.Specifically, each data center, it can be based on the full dose content of every part of data of its publication, according to set algorithm, meter It calculates and generates one or more data fingerprints.Wherein, set algorithm is that each data center makes an appointment, and is referred to for generating data The algorithm of line, such as can be hash algorithm.

It should be noted that every part of data can correspond to one or more data fingerprints, it is to carry out units by this part of data It is determined according to the division result of granularity.Wherein, a unit data can be a data, a data block or a minimum memory Unit (KV key-value pair).It optionally, may include one or more unit datas in every part of data of each data center's publication, The corresponding data fingerprint of each unit data.If a unit data is a data, each data center can be based on it The full dose content of every part of data of publication calculates according to set algorithm and generates a data fingerprint；If a unit data is one A data block, then each data center, the every part of data that can be issued are divided into multiple data blocks, for each data block, A data fingerprint can be generated according to set algorithm based on the full dose content of the data block；If unit data be one most Small storage cell, then each data center can be based on this most for each minimum memory unit in every part of data of its publication The data content of small storage cell generates a data fingerprint according to set algorithm.

Specifically, in order to guarantee read data be it is effective, trust computing device from one or more data centers, After at least a reading data to the trusted storage space of trust computing device needed for analysis, it can be obtained from block chain Take the data fingerprint of at least a data needed for analysis；And based on each list included by least a data needed for analysis The full dose content of position data calculates the data fingerprint of each unit data according to set algorithm, that is, is calculated needed for analysis One or more data fingerprints of at least a data；The data fingerprint being then calculated, and obtains from block chain The data fingerprint for obtaining at least a data needed for analysis carries out uniformity comparison, if unanimously, it is determined that read data It is effective；It is inconsistent if it exists, that is to say, that some/data fingerprints of certain unit datas is inconsistent, then it can be by data The inconsistent unit data of fingerprint is lost.

Further, it is also possible to be, trust computing device is from one or more data centers one unit data of every reading, then base In the full dose content of the unit data data fingerprint of the unit data is calculated according to set algorithm, will be then calculated The data fingerprint of the data unit stored in data fingerprint, with block chain carries out uniformity comparison.According to this operation, until point Until all data needed for analysis all read and have verified.

S340 then confirms that the data of reading are effective if the verification passes.

Specifically, leading to if the data fingerprint of each unit data included by least a data needed for analysis is verified It crosses, then confirms that the data of reading are effective.If it exists some/data fingerprints of certain unit datas is not verified, then can be true It is fixed it is read some/certain unit datas are invalid, abandoned, and analyze failure information to data user's feedback data； Or can determine that read all data are invalid, read all data are abandoned, and is fed back to data user Data analyze failure information etc..

S350, according to data analysis request, based on the parser run in trust computing device, to the data of reading into Row analysis processing, to generate processing result, is stored in trusted storage space.

Processing result is fed back to data user by S360.

Specifically, trust computing device, which can be, is fed directly to data user for processing result, it is also possible to first adopt Processing result is encrypted with the public key of data user, the processing result of encryption is then fed back into data user.

S370, the data fingerprint of calculation processing result are uploaded in block chain network and are stored；Wherein, block link network The data fingerprint of the processing result stored in network, for being verified for data user to the processing result received.

In the present embodiment, trust computing device, can be with while processing result is fed back to data user or later According to preset data fingerprint method of determination, the data fingerprint of each unit data in calculation processing result, and will meter The data fingerprint of obtained processing result is added on chain in store transaction request, is generated and in block chain network send chain The request of result data fingerprint store transaction may be used also with requesting block chain network that block chain is written in the data fingerprint of processing result To be that request block chain network is medium in block chain by the data fingerprint associated storage of data analysis request and processing result.In turn Data user can calculate the data fingerprint of the processing result after the processing result for getting the transmission of trust computing device, Then by the data fingerprint for the processing result being calculated, carried out with the data fingerprint of the processing result obtained from block chain network Uniformity comparison, if unanimously, it is determined that processing result is effective, otherwise in vain.

It should be noted that processing result can also be equivalent to the data newly issued, therefore, by the data fingerprint of processing result It is stored in block chain network, later other data user, when needing using the data, can be sent to trust computing device Data analysis request, so that data fingerprint of the trust computing device based on the processing result stored in block chain network, there is it Effect property is verified.

Trace to the source for the ease of subsequent, inquire and/or update processing result etc., trust computing device generate processing result it Afterwards, data analysis request, processing result can also be established and analyze the incidence relation between required data, and the association is closed System is sent to block chain network, to request block chain network by processing result and data needed for analyzing, and is stored in block link network The corresponding storage of data analysis request in network.Illustratively, data analysis request is stored in block chain network, and processing result With data needed for analysis, storage corresponding with data analysis request.In turn, if some data be proved to be mistake, be tampered It crosses or upgrades and have updated, then can find the processing result generated based on this data according to incidence relation, these processing are tied Fruit is updated.

Technical solution provided in an embodiment of the present invention, in order to guarantee that read data are effective, trust computing devices It can be by being interacted with block chain network, the data fingerprint of every part of data needed for obtaining the analysis stored in block chain network, and Data fingerprint afterwards based on the every part of data stored in block chain network, verifies the data of reading；And it is read in verifying The effective situation of data under, the data of reading are analyzed and processed, to generate processing result, are stored in trusted storage space And feed back to data user；Meanwhile the fingerprint of processing result is also stored in block chain network by trust computing device, convenient for number Processing result is verified according to user.This programme can be guaranteed in each data center by utilizing trust computing device Data will not be stored in the insincere memory space of other data centers；It can also be achieved data aggregate analysis processing simultaneously, and Ensure the credibility and safety of Data Analysis Services process.In addition, recording the data fingerprint of each link using block chain network With related data description information etc., convenient for data center, data user and the inquiry of trust computing device and verifying etc.；And Based on block chain can also monitoring data analysis processing entire process, and then guarantee the orderly progress of entire process for using.

Embodiment three

Fig. 4 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention three, this implementation Example is on the basis of the above embodiments, further to optimize.Referring to fig. 4, this method specifically includes:

S410 receives the data analysis request that data user initiates.

S420, according to data analysis request, inquiry is with the presence or absence of data needed for analyzing in trusted storage space.

In the present embodiment, for reading in the data in trusted storage space, since trusted storage space uses strategy Restriction, trusted storage space need to be purged, when as full such as trusted storage space, be cleared data to discharge trusted storage sky Between, thus trust computing device need to have read again data when, need the data are read from data center again；If Existing in trust computing device needs data to be used, then can be used directly, without reading again from data center.

As a kind of embodiment of the present embodiment, if trusted storage space is caching, corresponding, trusted storage space It the use of strategy is caching using strategy, then the data processing method of the decentralization in the present embodiment can also include: according to setting Data in trusted storage space are discharged and are removed using strategy by fixed caching.

Wherein, caching is the amount of capacity for being in advance based on trusted storage space and each data center using strategy What demand etc. was set；Optionally, caching can be every removing reading data after carrying out primary analysis processing using strategy；Also It can be after trusted storage space is filled with data, once removed；After can also be that each trust computing device exits, automatically Remove the data etc. read in trusted storage space.Further, it is also possible to be other reasonable data dump strategies, the present embodiment pair This is without limitation.Specifically, trust computing device can be released the data in trusted storage space in real time according to caching using strategy Put removing.

Specifically, after the data analysis request for receiving data user initiation, it can be according in data analysis request At least a data, are first inquired in the trusted storage space of trust computing device, with determination specified by analysis model With the presence or absence of data needed for analyzing in trusted storage space.

S430, if it does not exist, then from one or more data centers, by least a reading data needed for analysis To the trusted storage space of trust computing device.

Specifically, can directly be used if trusted storage space has the required total data of analysis；If trusted storage Partial data needed for space has analysis, then can be from one or more data centers, by remaining data needed for analysis It reads into the trusted storage space of trust computing device.If trusted storage space there is no data needed for analyzing, can be from It is in one or more data centers, the trusted storage of at least a reading data to trust computing device needed for analysis is empty Between.

S440 verifies the data of reading based on the data fingerprint of the every part of data stored in block chain network.

It should be noted that being verified, therefore can directly make for reading in the data in trusted storage space With without verifying again；And the data for being read from data center again, it need to be verified.

S450 then confirms that the data of reading are effective if the verification passes.

S460 calls the parser prestored in trust computing device according to data analysis request, and verifies parser Whether operate in trusted computation environment.

In the present embodiment, in order to guarantee the safety of data, may include in the parser by the confirmation of multiple data centers Self-test code segment, once a certain parser prestored in trust computing device is called, then the parser will transport automatically Row self-test code segment, to verify whether itself operates in trusted computation environment.

Specifically, trust computing device can according to the parser specified by analysis model in data analysis request, from The parser is called in the trusted storage space of trust computing device, then the parser will automatic running self-test code Section, to verify whether itself operates in trusted computation environment.

S470 then allows to continue to execute parser if the verification passes, to be analyzed and processed to the data of reading.

In the present embodiment, trust computing device can be according to verification result, it is determined whether the parser is continued to execute, with right The data of reading are analyzed and processed.Specifically, allowing to continue to execute parser if being verified, with the number to reading According to being analyzed and processed；If verifying does not pass through, do not allow to continue to execute parser.

S480, according to data analysis request, based on the parser run in trust computing device, to the data of reading into Row analysis processing, to generate processing result, is stored in trusted storage space.

Processing result is fed back to data user by S490.

Technical solution provided in an embodiment of the present invention analyzes involved in treatment process data by trust computing device Operation is verified and is verified to whether parser operates in trusted computation environment such as the validity of the data read Deng ensure that the safety of the data in each data center and the reliability for the treatment of process.

Example IV

Fig. 5 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention four, this implementation Example is applicable to the case where handling data, be particularly suitable in the data system framework based on decentralization one or The scene that interaction handles data between multiple trust computing devices, multiple data centers, data user etc., to solve The existing contradictory data processing method based on data center.The technical solution of the embodiment of the present invention is executed by data center, Wherein, the privately owned memory space of data center is for storing data.This method can be held by the data processing equipment of decentralization Row, the device can be configured in data center, be realized in a manner of hardware and/or software.Referring to Fig. 5, this method is specific May include:

S510 receives the data read request of trust computing device.

In the present embodiment, data read request refers to trust computing device in the data point for receiving data user initiation Analysis request, and after at least a data and its storage location required according to the determining analysis of data analysis request, generation Including required at least a Data Identification of data and the data read request of storage location.Optionally, if needed for analysis At least a data are from different data centers, and for each data center, trust computing device is then corresponding to generate packet Include the data read request of the Data Identification and its storage location that need the data read from the data center, and then the number It can receive the data read request of trust computing device transmission according to center.

Data are transferred to the credible of trust computing device according to data read request by S520 from privately owned memory space Memory space；Wherein, data are used to be analyzed and processed for the parser run in trust computing device, to generate processing knot Fruit is stored in trusted storage space, and feeds back to data user.

In the present embodiment, for each data center, privately owned memory space refers to for storing its affiliated main body Storage medium required for the data of publication can be the storage equipment of any large capacity, such as can be memory storage space, It can be disk storage space etc..Since the data saved after disk power-off will not lose, and it is permanent in the case where not removing It saves, and the data that the affiliated main body of data center is issued have the demand for maintaining secrecy and permanently storing etc., therefore, the present embodiment It is preferred that privately owned memory space is disk storage space.

Specifically, can be read according to data after data center receives the data read request that trust computing device is sent The Data Identification for including in request and storage location etc. are taken, data are read from privately owned memory space, and based on preset The data of reading are transmitted in the trusted storage space of trust computing device by communication mechanism, for in trust computing device The parser of operation is analyzed and processed, and to generate processing result, is stored in trusted storage space, and feeds back to data use Side.

The data that its affiliated main body is issued are stored in respectively by technical solution provided in an embodiment of the present invention, each data center From privately owned memory space in, it is ensured that data in each data center guarantee the peace of data in controllable range Entirely；The data center for receiving the data read request of trust computing device transmission simultaneously, can will count according to data read request According to the trusted storage space for being transferred to trust computing device from privately owned memory space, for for being run in trust computing device Parser is analyzed and processed, and to generate processing result, is stored in trusted storage space, and feed back to data user.This Scheme can guarantee that the data in each data center will not be stored in other data centers not by utilizing trust computing device In trusted storage space；It can also be achieved data aggregate analysis processing simultaneously, and ensure the credibility of Data Analysis Services process And safety.

Embodiment five

Fig. 6 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention five, this implementation Example is on the basis of the above embodiments, further to optimize.Referring to Fig. 6, this method be can specifically include:

S610 receives the data read request of trust computing device.

Data are transferred to the credible of trust computing device according to data read request by S620 from privately owned memory space Memory space；Wherein, data are used to be analyzed and processed for the parser run in trust computing device, to generate processing knot Fruit is stored in trusted storage space, and feeds back to data user.

S630, the data that will newly issue are stored in privately owned memory space.

In the present embodiment, for each data center, if the data center receives the data that its affiliated main body is newly issued, Then the data of the new publication are stored in privately owned memory space.It is specifically as follows, the data that will newly issue, stores number according to it According to mode be stored in privately owned memory space such as key-value pair form.

S640 calculates the data fingerprint for the data newly issued.

It should be noted that every part of data can correspond to one or more data fingerprints, it is to carry out units by this part of data It is determined according to the division result of granularity.Wherein, a unit data can be a data, a data block or a minimum memory Unit (KV key-value pair).It optionally, include one or more unit datas, Mei Gedan in new publication/announced every part of data The corresponding data fingerprint of position data.

Specifically, be directed to each data center, the data which will newly issue, be stored in privately owned memory space it Afterwards, the data fingerprint for the data newly issued can be calculated.Specifically, if a unit data is a data, it can be new based on it The full dose content of every part of data of publication calculates according to set algorithm and generates a data fingerprint；If a unit data is one Every part of data of its new publication can be then divided into multiple data blocks by a data block, for each data block, can be based on the data The full dose content of block generates a data fingerprint according to set algorithm；If a unit data is a minimum memory unit, For each minimum memory unit in every part of data of its new publication, can be pressed based on the data content of the minimum memory unit A data fingerprint is generated according to set algorithm.

The data specifying-information of data fingerprint and new publication data is uploaded to block chain network together and is deposited by S650 Storage.

Wherein, for being verified for trust computing device when reading data, data specifying-information is used for data fingerprint Data content and data storage location are inquired for data user.Optionally, data specifying-information can include but is not limited to count According to storage location, storage time, Data Identification, publisher's mark and outline information introduction etc..

Specifically, it is directed to each data center, it can be raw according to the data specifying-information of data fingerprint and new publication data At data publication transactions requests, and it is sent to block chain network, to request block chain network by data fingerprint and relevant number According to description information associated storage.Such as can be, the data specifying-information of data fingerprint and new publication data is added to data It issues in transactions requests, and will be sent out including the data publication transactions requests of the data specifying-information of data fingerprint and new publication data It send to block chain network, to request block chain network by data fingerprint and relevant data specifying-information associated storage.

It should be noted that S630 to S650 to the operating process of new publication data can after S610 and S620 or it Preceding execution can also independently execute, and it is not limited in the embodiment of the present invention.

The data that its affiliated main body is issued are stored in respectively by technical solution provided in an embodiment of the present invention, each data center From privately owned memory space in, it is ensured that data in each data center guarantee the peace of data in controllable range Entirely；Simultaneously by the data fingerprint of the data of publication and publication data data specifying-information, be uploaded to together block chain network into Row storage, convenient for subsequent each data center, data user and the inquiry of trust computing device and verifying etc..

Embodiment six

Fig. 7 is a kind of flow chart of the data processing method of the decentralization provided in the embodiment of the present invention six, this implementation Example on the basis of the above embodiments, provides a kind of one or more trust computing device, multiple data centers, data use The preferred embodiment that interaction handles data between side etc..Referring to Fig. 7, this method be can specifically include:

S710, data user generates data analysis request, and initiates to trust computing device.

S720, trust computing device receive the data analysis request that data user initiates.

S730, trust computing device send reading data to one or more data centers and ask according to data analysis request It asks.

S740, one or more data centers receive the data read request of trust computing device, and according to reading data Data, are transferred to the trusted storage space of trust computing device by request from private room.

S750, data fingerprint of the trust computing device based on the every part of data stored in block chain network, to the number of reading According to being verified.

S760, if the verification passes, the then data that the confirmation of trust computing device is read are effective, according to data analysis request, Based on the parser run in trust computing device, the data of reading are analyzed and processed, to generate processing result, storage In trusted storage space.

Processing result is fed back to data user by S770, trust computing device.

Technical solution provided in an embodiment of the present invention can be guaranteed in each data center by utilizing trust computing device Data will not be stored in the insincere memory space of other data centers；It can also be achieved data aggregate analysis processing simultaneously, and And ensure the credibility and safety of Data Analysis Services process.In addition, being referred to using the data that block chain network records each link Line and related data description information etc., convenient for data center, data user and the inquiry of trust computing device and verifying etc.；And And based on block chain can also monitoring data analysis processing entire process, and then guarantee the orderly progress of entire process for using.

Embodiment seven

Fig. 8 is a kind of structural schematic diagram of the data processing equipment for decentralization that the embodiment of the present invention seven provides, the dress It sets in the calculating equipment for being configured in trust computing device, decentralization provided by the embodiment of the present invention one to three can be performed Data processing method has the corresponding functional module of execution method and beneficial effect.Wherein, it is real to be based on hardware for trust computing device Existing trusted computation environment, as shown in figure 8, the device can specifically include:

Analysis request receiving module 810, the data analysis request that user initiates for receiving data；

Data read module 820 is used for according to data analysis request, from one or more data centers, by analyzing At least a reading data needed is to the trusted storage space of trust computing device；

Data processing module 830, for being calculated based on the analysis run in trust computing device according to data analysis request Method is analyzed and processed the data of reading, to generate processing result, is stored in trusted storage space；

Processing result feedback module 840, for processing result to be fed back to data user.

Illustratively, above-mentioned apparatus can also include: Data Verification module, which specifically can be used for:

It is analyzed and processed to the data of reading, before generating processing result, based on what is stored in block chain network The data fingerprint of every part of data verifies the data of reading；

If the verification passes, then confirm that the data of reading are effective.

Illustratively, above-mentioned apparatus can also include: result data fingerprint transmission module, which specifically can be used for:

While processing result is fed back to data user or later, the data fingerprint of calculation processing result is uploaded to It is stored in block chain network；Wherein, the data fingerprint of the processing result stored in block chain network, for being used for data Side verifies the processing result received.

Illustratively, above-mentioned apparatus can also include:

Encrypting module, for before processing result is fed back to data user, processing result to be used using data The public key of side is encrypted.

Illustratively, above-mentioned apparatus can also include: parser authentication module, which specifically can be used for:

The data of reading are being carried out based on the parser run in trust computing device according to data analysis request Analysis processing, to generate processing result, is stored in front of trusted storage space, according to data analysis request, calls trust computing The parser prestored in device, and verify whether parser operates in trusted computation environment；

If the verification passes, then allow to continue to execute parser, to be analyzed and processed the data of reading.

Illustratively, above-mentioned apparatus can also include:

Parser receiving module is saved in credible meter for receiving the parser by the confirmation of multiple data centers In the trusted storage space for calculating device.

Illustratively, parser receiving module specifically can be used for:

The parser that multiple data center's confirmations are obtained from block chain network, is saved in the credible of trust computing device In memory space.

Illustratively, data read module 820 specifically can be used for:

According to data analysis request, inquiry is with the presence or absence of data needed for analyzing in trusted storage space；

If it does not exist, then at least a reading data needed for analysis extremely may be used from one or more data centers Believe the trusted storage space of computing device.

Illustratively, if trusted storage space is caching, above-mentioned apparatus can also include:

Data in trusted storage space are discharged and are removed for caching according to setting using strategy by data dump module.

Illustratively, data analysis request is stored in block chain network, and data needed for processing result and analysis, with number It is stored according to analysis request is corresponding.

Embodiment eight

Fig. 9 is a kind of structural schematic diagram of the data processing equipment for decentralization that the embodiment of the present invention eight provides, the dress It sets and is configured in data center, the data processing method of decentralization provided by the embodiment of the present invention four to five can be performed, Have the corresponding functional module of execution method and beneficial effect.Wherein, the privately owned memory space of data center for storing data, As shown in figure 9, the device can specifically include:

Read requests receiving module 910, for receiving the data read request of trust computing device；

Data transmission module 920, for data being transferred to from privately owned memory space credible according to data read request The trusted storage space of computing device；Wherein, data are used to carry out at analysis for the parser run in trust computing device Reason, to generate processing result, is stored in trusted storage space, and feed back to data user.

Illustratively, above-mentioned apparatus can also include:

Memory module, the data for will newly issue, is stored in privately owned memory space；

Data fingerprint computing module, for calculating the data fingerprint for the data newly issued；

Data transmission module, for being uploaded to block together for the data specifying-information of data fingerprint and new publication data Chain network is stored；Wherein, data fingerprint for trust computing device when reading data for being verified, data description letter Breath is for inquiring data content and data storage location for data user.

It illustratively, include one or more unit datas, each unit data corresponding one in the every part of data newly issued A data fingerprint.

Embodiment nine

Figure 10 is a kind of structural schematic diagram for trust computing device that the embodiment of the present invention ten provides.Figure 10, which is shown, to be suitable for For realize embodiment of the present invention exemplary trusted computing device 1012 block diagram.The trust computing device that Figure 10 is shown 1012 be only an example, should not function to the embodiment of the present invention and use scope bring any restrictions.Optionally, credible Computing device typical case can be calculating equipment.

As shown in Figure 10, trust computing device 1012 is showed in the form of universal computing device.Trust computing device 1012 Component can include but is not limited to: one or more processor or processing unit 1016, one or more memories 1028, connect the bus 1018 of different system components (including memory 1028 and processing unit 1016).Wherein, one or more A processor or processing unit 1016 and memory 1028 are realized based on reliable computing technology；Memory 1428 is deposited as credible Space is stored up, memory 1028 preferably caches.

Bus 1018 indicates one of a few class bus structures or a variety of, including memory bus or memory control Device, peripheral bus, graphics acceleration port, processor or total using the local of any bus structures in a variety of bus structures Line.For example, these architectures include but is not limited to industry standard architecture (ISA) bus, microchannel architecture (MAC) bus, enhanced isa bus, Video Electronics Standards Association (VESA) local bus and peripheral component interconnection (PCI) are total Line.

Trust computing device 1012 typically comprises a variety of computer system readable media.These media can be any energy Enough usable mediums accessed by trust computing device 1012, including volatile and non-volatile media, it is movably and not removable Dynamic medium.

Memory 1028 may include the computer system readable media of form of volatile memory, such as arbitrary access is deposited Reservoir (RAM) 1030 and/or cache memory 1032.Trust computing device 1012 may further include other removable Dynamic/immovable, volatile/non-volatile computer system storage medium.Only as an example, storage system 1034 can be used In reading and writing immovable, non-volatile magnetic media (Figure 10 do not show, commonly referred to as " hard disk drive ").Although in Figure 10 not It shows, the disc driver for reading and writing to removable non-volatile magnetic disk (such as " floppy disk ") can be provided, and to removable The CD drive of dynamic anonvolatile optical disk (such as CD-ROM, DVD-ROM or other optical mediums) read-write.In these situations Under, each driver can be connected by one or more data media interfaces with bus 1018.Memory 1028 can wrap At least one program product is included, which has one group of (for example, at least one) program module, these program modules are matched It sets to execute the function of various embodiments of the present invention.

Program/utility 1040 with one group of (at least one) program module 1042 can store and for example store In device 1028, such program module 1042 includes but is not limited to operating system, one or more application program, other programs It may include the realization of network environment in module and program data, each of these examples or certain combination.Program mould Block 1042 usually executes function and/or method in embodiment described in the invention.

Trust computing device 1012 can also be with one or more external equipments 1014 (such as keyboard, sensing equipment, display Device 1024 etc.) communication, the equipment interacted with the trust computing device 1012 communication can be also enabled a user to one or more, And/or with enable the trust computing device 1012 and one or more of the other any equipment (example for being communicated of calculating equipment Such as network interface card, modem etc.) communication.This communication can be carried out by input/output (I/O) interface 1022.Also, it can Believe that computing device 1012 can also be by network adapter 1020 and one or more network (such as local area network (LAN), wide area Net (WAN) and/or public network, such as internet) communication.As shown, network adapter 1020 passes through bus 1018 and can Believe other modules communication of computing device 1012.It should be understood that although not shown in the drawings, trust computing device 1012 can be combined Using other hardware and/or software module, including but not limited to: microcode, device driver, redundant processing unit, external magnetic Dish driving array, RAID system, tape drive and data backup storage system etc..

Processing unit 1016 by the program that is stored in memory 1028 of operation, thereby executing various function application and Data processing, such as realize the data processing method of decentralization provided by the embodiment of the present invention.

Embodiment ten

Figure 11 is a kind of structural schematic diagram for equipment that the embodiment of the present invention ten provides.Figure 11, which is shown, to be suitable for being used to realizing The block diagram of the example devices 1112 of embodiment of the present invention.The equipment 1112 that Figure 11 is shown is only an example, should not be right The function and use scope of the embodiment of the present invention bring any restrictions.1112 typical case of equipment can be carrying data center's function Calculate arbitrary calculating equipment in equipment or cluster device.

As shown in figure 11, equipment 1112 is showed in the form of universal computing device.If 1112 component may include but not Be limited to: one or more processor or processing unit 1116, memory 1128 connect (including the storage of different system components Device 1128 and processing unit 1116) bus 1118.It wherein, include privately owned memory space in memory 1128, for storing Data.

Bus 1118 indicates one of a few class bus structures or a variety of, including memory bus or memory control Device, peripheral bus, graphics acceleration port, processor or total using the local of any bus structures in a variety of bus structures Line.For example, these architectures include but is not limited to industry standard architecture (ISA) bus, microchannel architecture (MAC) bus, enhanced isa bus, Video Electronics Standards Association (VESA) local bus and peripheral component interconnection (PCI) are total Line.

Equipment 1112 typically comprises a variety of computer system readable media.These media can be it is any can be by equipment The usable medium of 1112 access, including volatile and non-volatile media, moveable and immovable medium.

Memory 1128 may include the computer system readable media of form of volatile memory, such as arbitrary access is deposited Reservoir (RAM) 1130 and/or cache memory 1132.Equipment 1112 may further include other removable/not removable Dynamic, volatile/non-volatile computer system storage medium.Only as an example, storage system 1134 can be used for reading and writing not Movably, non-volatile magnetic media (Figure 11 do not show, commonly referred to as " hard disk drive ").It, can although being not shown in Figure 11 To provide the disc driver for reading and writing to removable non-volatile magnetic disk (such as " floppy disk "), and it is non-volatile to moving Property CD (such as CD-ROM, DVD-ROM or other optical mediums) read and write CD drive.In these cases, each drive Dynamic device can be connected by one or more data media interfaces with bus 1118.Memory 1128 may include at least one Program product, the program product have one group of (for example, at least one) program module, these program modules are configured to perform this Invent the function of each embodiment.

Program/utility 1140 with one group of (at least one) program module 1142 can store and for example store In device 1128, such program module 1142 includes but is not limited to operating system, one or more application program, other programs It may include the realization of network environment in module and program data, each of these examples or certain combination.Program mould Block 1142 usually executes function and/or method in embodiment described in the invention.

Equipment 1112 can also be with one or more external equipments 1114 (such as keyboard, sensing equipment, display 1124 Deng) communication, can also be enabled a user to one or more equipment interact with the equipment 1112 communicate, and/or with make this Any equipment (such as network interface card, modem etc.) that equipment 1112 can be communicated with one or more of the other calculating equipment Communication.This communication can be carried out by input/output (I/O) interface 1122.Also, equipment 1112 can also be suitable by network Orchestration 1120 and one or more network (such as local area network (LAN), wide area network (WAN) and/or public network, such as because of spy Net) communication.As shown, network adapter 1120 is communicated by bus 1118 with other modules of equipment 1112.It should be understood that Although not shown in the drawings, other hardware and/or software module can be used with bonding apparatus 1112, including but not limited to: microcode, Device driver, redundant processing unit, external disk drive array, RAID system, tape drive and data backup storage System etc..

Processing unit 1116 by the program that is stored in memory 1128 of operation, thereby executing various function application and Data processing, such as realize the data processing method of decentralization provided by the embodiment of the present invention.

Embodiment 11

Figure 12 is a kind of data processing system structural schematic diagram of the decentralization provided in the embodiment of the present invention 11.It should System 1200 may include: multiple data centers 1210, and one or more trust computing devices 1220.Wherein, every number According to center 1210 privately owned memory space for storing data；Trust computing device 1220 is using credible meter described in embodiment ten Calculate device.

Further, which can also include: block chain network 1230, data fingerprint for storing data, It is inquired for data center and trust computing device.

Illustratively, data center 1210 is deployed in individual physical devices；

Trust computing device 1220 is deployed in the physical equipment of any one or more data centers 1210 or credible meter Device 1220 is calculated to be deployed in other physical equipments independently of data center 1210.

Embodiment 12

The embodiment of the present invention 12 additionally provides a kind of computer readable storage medium, is stored thereon with computer program, The program can realize the data processing method of decentralization described in above-mentioned any embodiment when being executed by processor.The computer Readable storage medium storing program for executing can be configured in data center, can also be configured on trust computing device.

The computer storage medium of the embodiment of the present invention, can be using any of one or more computer-readable media Combination.Computer-readable medium can be computer-readable signal media or computer readable storage medium.It is computer-readable Storage medium for example may be-but not limited to-the system of electricity, magnetic, optical, electromagnetic, infrared ray or semiconductor, device or Device, or any above combination.The more specific example (non exhaustive list) of computer readable storage medium includes: tool There are electrical connection, the portable computer diskette, hard disk, random access memory (RAM), read-only memory of one or more conducting wires (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD- ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.In this document, computer-readable storage Medium can be any tangible medium for including or store program, which can be commanded execution system, device or device Using or it is in connection.

Computer-readable signal media may include in a base band or as carrier wave a part propagate data-signal, Wherein carry computer-readable program code.The data-signal of this propagation can take various forms, including but unlimited In electromagnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be that computer can Any computer-readable medium other than storage medium is read, which can send, propagates or transmit and be used for By the use of instruction execution system, device or device or program in connection.

The program code for including on computer-readable medium can transmit with any suitable medium, including --- but it is unlimited In wireless, electric wire, optical cable, RF etc. or above-mentioned any appropriate combination.

The computer for executing operation of the present invention can be write with one or more programming languages or combinations thereof Program code, described program design language include object oriented program language-such as Java, Smalltalk, C++, Further include conventional procedural programming language-such as " C " language or similar programming language.Program code can be with It fully executes, partly execute on the user computer on the user computer, being executed as an independent software package, portion Divide and partially executes or executed on a remote computer or server completely on the remote computer on the user computer.? Be related in the situation of remote computer, remote computer can pass through the network of any kind --- including local area network (LAN) or Wide area network (WAN)-be connected to subscriber computer, or, it may be connected to outer computer (such as mentioned using Internet service It is connected for quotient by internet).

Note that the above is only a better embodiment of the present invention and the applied technical principle.It will be appreciated by those skilled in the art that The invention is not limited to the specific embodiments described herein, be able to carry out for a person skilled in the art it is various it is apparent variation, It readjusts and substitutes without departing from protection scope of the present invention.Therefore, although being carried out by above embodiments to the present invention It is described in further detail, but the present invention is not limited to the above embodiments only, without departing from the inventive concept, also It may include more other equivalent embodiments, and the scope of the invention is determined by the scope of the appended claims.

Claims

1. a kind of data processing method of decentralization, which is characterized in that executed by trust computing device, the trust computing dress It sets based on hardware realization trusted computation environment, which comprises

Receive the data analysis request that data user initiates；

According to the data analysis request, from one or more data centers, by least a reading data needed for analysis To the trusted storage space of the trust computing device；

According to the data analysis request, based on the parser run in the trust computing device, to the data of reading into Row analysis processing, to generate processing result, is stored in the trusted storage space；

The processing result is fed back into the data user.

2. the method according to claim 1, wherein the data to reading are analyzed and processed, to generate processing As a result before, further includes:

Based on the data fingerprint of the every part of data stored in block chain network, the data of reading are verified；

3. the method according to claim 1, wherein the processing result is fed back to the data user's Simultaneously or after, further includes:

The data fingerprint for calculating the processing result is uploaded in block chain network and is stored；Wherein, the block chain network The data fingerprint of the processing result of middle storage, for being verified for the data user to the processing result received.

4. method according to claim 1 or 2 or 3, which is characterized in that the processing result, which is fed back to the data, to be made Before side, further includes:

The processing result is encrypted using the public key of the data user.

5. method according to claim 1 or 2 or 3, which is characterized in that according to the data analysis request, based on described The parser run in trust computing device is analyzed and processed the data of reading, to generate processing result, is stored in institute Before stating trusted storage space, further includes:

According to the data analysis request, the parser prestored in the trust computing device is called, and verifies the analysis Whether algorithm operates in trusted computation environment；

If the verification passes, then allow to continue to execute the parser, to be analyzed and processed the data of reading.

6. method according to claim 1 or 2 or 3, which is characterized in that further include:

The parser by the confirmation of multiple data centers is received, is saved in the trusted storage space of trust computing device.

7. according to the method described in claim 6, it is characterized in that, receive by multiple data centers confirmation parser, It is saved in the trusted storage space of trust computing device, comprising:

The parser that multiple data center's confirmations are obtained from block chain network, is saved in the trusted storage of trust computing device In space.

8. method according to claim 1 or 2 or 3, which is characterized in that according to the data analysis request, from one or In multiple data centers, will at least a reading data needed for analysis to the trusted storage space of the trust computing device, Include:

According to the data analysis request, inquiry is with the presence or absence of data needed for analyzing in the trusted storage space；

If it does not exist, then from one or more data centers, will at least a reading data needed for analysis to it is described can Believe the trusted storage space of computing device.

9. method according to claim 1 or 2 or 3, which is characterized in that the trusted storage space is caching, then described Method further include:

It caches according to setting using strategy, the data in the trusted storage space is discharged and are removed.

10. according to the method described in claim 3, it is characterized by: the data analysis request is stored in the block link network In network, and data needed for the processing result and analysis, storage corresponding with the data analysis request.

11. a kind of data processing method of decentralization, which is characterized in that executed by data center, the private of the data center There is memory space for storing data, which comprises

Receive the data read request of trust computing device；

According to the data read request, what data were transferred to the trust computing device from the privately owned memory space can Believe memory space；Wherein, the data are used to be analyzed and processed for the parser run in the trust computing device, with Processing result is generated, is stored in the trusted storage space, and feed back to data user.

12. according to the method for claim 11, which is characterized in that further include:

The data that will newly issue are stored in the privately owned memory space；

Calculate the data fingerprint of the data of the new publication；

By the data specifying-information of the data fingerprint and the new publication data, it is uploaded to block chain network together and is deposited Storage；

Wherein, the data fingerprint is used to be verified for the trust computing device when reading data, the data description Information is used to inquire data content and data storage location for the data user.

13. according to the method for claim 12, which is characterized in that include one or more single in the every part of data newly issued Position data, the corresponding data fingerprint of each unit data.

14. a kind of data processing equipment of decentralization, which is characterized in that be configured in trust computing device, the credible meter It calculates device and is based on hardware realization trusted computation environment, described device includes:

Data read module is used for according to the data analysis request, from one or more data centers, needed for analyzing At least a reading data is to the trusted storage space of the trust computing device；

Data processing module, for being calculated based on the analysis run in the trust computing device according to the data analysis request Method is analyzed and processed the data of reading, to generate processing result, is stored in the trusted storage space；

15. a kind of data processing equipment of decentralization, which is characterized in that it is configured in data center, the data center For storing data, described device includes: privately owned memory space

Data transmission module, for according to the data read request, data to be transferred to institute from the privately owned memory space State the trusted storage space of trust computing device；Wherein, the data are used for the analysis for running in the trust computing device Algorithm is analyzed and processed, and to generate processing result, is stored in the trusted storage space, and feed back to data user.

16. a kind of trust computing device characterized by comprising

One or more processors；

One or more memories, as trusted storage space, for storing one or more programs, wherein the processor It is realized with the memory based on reliable computing technology；

When one or more of programs are executed by one or more of processors, so that one or more of processors are real The now data processing method of the decentralization as described in any in claim 1-10.

17. a kind of equipment characterized by comprising

One or more processors；

Memory, for storing one or more programs；

When one or more of programs are executed by one or more of processors, so that one or more of processors are real The now data processing method of the decentralization as described in any one of claim 11-13.

18. a kind of data processing system of decentralization characterized by comprising

One or more trust computing devices, the trust computing device is using trust computing device described in claim 16.

19. system according to claim 18, which is characterized in that further include:

Block chain network, data fingerprint for storing data are inquired for the data center and the trust computing device.

20. system according to claim 18, which is characterized in that

The data center section is deployed in individual physical devices；

The trust computing device is deployed in the physical equipment of any one or more data centers or the credible meter Device is calculated to be deployed in other physical equipments independently of the data center section.

21. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is by processor The data processing method of the decentralization as described in any in claim 1-10 is realized when execution, or realizes claim The data processing method of decentralization described in any one of 11-13.